Book an appointment with us, or search the directory to find the right lawyer for you directly through the app.
Find out moreThis special edition of Law Update, marking Al Tamimi & Company’s 35th anniversary, explores the evolving legal landscape of energy and climate law across the region.
As the Middle East prioritises sustainable growth, this edition examines key developments shaping the future of the sector. From the UAE’s Federal Law No. 11 of 2024 to advancements in green hydrogen, solar financing, and carbon capture technology, we spotlight the innovative strides and challenges defining this critical area.
We also go into Saudi Arabia’s initiatives to integrate carbon capture into its industrial expansion and Egypt’s AFRICARBONEX platform, which underscores the region’s commitment to a sustainable and inclusive future.
Join us as we celebrate 35 years of legal excellence and forward-thinking insights, paving the way for a more sustainable tomorrow.
Read NowThe Data Protection Authority (currently the Ministry of Justice, Islamic Affairs and Waqf) (“Authority”) has recently issued three (3) draft decisions for consultation (“Draft Decision(s)”), pursuant to certain articles in the Personal Data Protection Law (Law No. 30 of 2018) (“PDPL”) stipulating the issuance of executive regulations. The Authority confirmed that it is currently accepting feedback on the Draft Decisions and will continue to do so until the end of June 2021. Feedback can be sent to the following e-mail address: dp-team@moj.gov.bh.
We have set out below some important highlights of the Draft Decisions.
Articles 17 – 24 of the PDPL provide data subjects with certain rights (including but not limited to the right to be notified of (or to object to) processing and the right to withdraw consent.
The Draft Decision on data subjects’ rights further emphasises and clearly sets out the data subjects rights as provided for under the PDPL. Most importantly, the draft decision lists the different circumstances whereby consent of the data subject will be required prior to processing personal data, as well as the conditions for valid consent and the procedures for its withdrawal.
This Draft Decision makes clear that Data Protection Guardians must be enrolled in a register to be established by the Authority. The Draft Decision sets out: (i) the eligibility criteria to be registered as a Data Protection Guardian with the Authority, and (ii) the procedures to be followed for registering as Data Protection Guardians (e.g. the supporting documents for the application to the Authority).
The PDPL obliges data controllers to implement appropriate technical and organisational measures to guarantee the protection of personal data.
This Draft Decision sets out obligations on data controllers to adopt policies and procedures with the aim of ensuring the secure and safe processing of personal data. These include (but are not limited to): (i) the appointment of a ‘Data Protection Officer’ within the organisation who will have certain duties and responsibilities as prescribed under the Draft Decision, (ii) performing a Data Protection Impact Assessment for any new products/services offered by the organisation to assess their impact on personal data; and (iii) developing internal privacy policies.
Most importantly, the PDPL will finally set out the procedures to be followed by data controllers/processors upon a data breach under this Draft Decision.
As the leading law firm in the Middle East & North Africa region and with a reputable and dedicated regional data privacy practice, Al Tamimi & Company is well placed to assess the impact of the PDPL on your organisation.
To learn more about our services and get the latest legal insights from across the Middle East and North Africa region, click on the link below.